<!DOCTYPE html>





<html lang="zh-CN">
<head>
  <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=2">
<meta name="theme-color" content="#222">
<meta name="generator" content="Hexo 3.9.0">
  <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next.png?v=7.4.0">
  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32.png?v=7.4.0">
  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16.png?v=7.4.0">
  <link rel="mask-icon" href="/images/avatar.svg?v=7.4.0" color="#222">
  <link rel="alternate" href="/atom.xml" title="Anemone's Blog" type="application/atom+xml">
  <meta name="google-site-verification" content="Re5JdegRYzNFco-rC9lYIsvSWIgh5JvyfhuEaZCeFCk">
  <meta name="baidu-site-verification" content="opTC8YN3Pn">

<link rel="stylesheet" href="/css/main.css?v=7.4.0">


<link rel="stylesheet" href="https://cdn.bootcss.com/font-awesome/4.7.0/css/font-awesome.min.css">


<script id="hexo-configurations">
  var NexT = window.NexT || {};
  var CONFIG = {
    root: '/',
    scheme: 'Pisces',
    version: '7.4.0',
    exturl: false,
    sidebar: {"position":"left","display":"post","offset":12,"onmobile":false},
    copycode: {"enable":false,"show_result":false,"style":null},
    back2top: {"enable":true,"sidebar":false,"scrollpercent":false},
    bookmark: {"enable":false,"color":"#222","save":"auto"},
    fancybox: false,
    mediumzoom: false,
    lazyload: false,
    pangu: false,
    algolia: {
      appID: 'GB90MXPJ1C',
      apiKey: '05d808da3baf50ac2f2fad2dc3a3cd8f',
      indexName: 'dev_blog',
      hits: {"per_page":20},
      labels: {"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}
    },
    localsearch: {"enable":false,"trigger":"auto","top_n_per_article":1,"unescape":true,"preload":false},
    path: 'search.xml',
    motion: {"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}},
    translation: {
      copy_button: '复制',
      copy_success: '复制成功',
      copy_failure: '复制失败'
    },
    sidebarPadding: 40
  };
</script>

  <meta name="description" content="关注Web安全、移动安全、Fuzz测试和机器学习">
<meta property="og:type" content="website">
<meta property="og:title" content="Anemone&#39;s Blog">
<meta property="og:url" content="http://anemone.top/page/2/index.html">
<meta property="og:site_name" content="Anemone&#39;s Blog">
<meta property="og:description" content="关注Web安全、移动安全、Fuzz测试和机器学习">
<meta property="og:locale" content="zh-CN">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="Anemone&#39;s Blog">
<meta name="twitter:description" content="关注Web安全、移动安全、Fuzz测试和机器学习">
  <link rel="canonical" href="http://anemone.top/page/2/">


<script id="page-configurations">
  // https://hexo.io/docs/variables.html
  CONFIG.page = {
    sidebar: "",
    isHome: true,
    isPost: false,
    isPage: false,
    isArchive: false
  };
</script>

  <title>Anemone's Blog</title>
  








  <noscript>
  <style>
  .use-motion .brand,
  .use-motion .menu-item,
  .sidebar-inner,
  .use-motion .post-block,
  .use-motion .pagination,
  .use-motion .comments,
  .use-motion .post-header,
  .use-motion .post-body,
  .use-motion .collection-header { opacity: initial; }

  .use-motion .logo,
  .use-motion .site-title,
  .use-motion .site-subtitle {
    opacity: initial;
    top: initial;
  }

  .use-motion .logo-line-before i { left: initial; }
  .use-motion .logo-line-after i { right: initial; }
  </style>
</noscript>

</head>

<body itemscope itemtype="http://schema.org/WebPage" lang="zh-CN">
  <div class="container use-motion">
    <div class="headband"></div>

    <header id="header" class="header" itemscope itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-brand-container">
  <div class="site-meta">

    <div>
      <a href="/" class="brand" rel="start">
        <span class="logo-line-before"><i></i></span>
        <span class="site-title">Anemone's Blog</span>
        <span class="logo-line-after"><i></i></span>
      </a>
    </div>
  </div>

  <div class="site-nav-toggle">
    <button aria-label="切换导航栏">
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
    </button>
  </div>
</div>


<nav class="site-nav">
  
  <ul id="menu" class="menu">
      
      
      
        
        <li class="menu-item menu-item-home">
      
    

    <a href="/" rel="section"><i class="fa fa-fw fa-home"></i>首页</a>

  </li>
      
      
      
        
        <li class="menu-item menu-item-about">
      
    

    <a href="/about/" rel="section"><i class="fa fa-fw fa-user"></i>关于</a>

  </li>
      
      
      
        
        <li class="menu-item menu-item-tags">
      
    

    <a href="/tags/" rel="section"><i class="fa fa-fw fa-tags"></i>标签</a>

  </li>
      
      
      
        
        <li class="menu-item menu-item-categories">
      
    

    <a href="/categories/" rel="section"><i class="fa fa-fw fa-th"></i>分类</a>

  </li>
      
      
      
        
        <li class="menu-item menu-item-archives">
      
    

    <a href="/archives/" rel="section"><i class="fa fa-fw fa-archive"></i>归档</a>

  </li>
      <li class="menu-item menu-item-search">
        <a href="javascript:;" class="popup-trigger">
        
          <i class="fa fa-search fa-fw"></i>搜索</a>
      </li>
    
  </ul>

</nav>
  <div class="site-search">
    <div class="popup search-popup">
    <div class="search-header">
  <span class="search-icon">
    <i class="fa fa-search"></i>
  </span>
  <div class="search-input" id="search-input"></div>
  <span class="popup-btn-close">
    <i class="fa fa-times-circle"></i>
  </span>
</div>
<div class="algolia-results">
  <div id="algolia-stats"></div>
  <div id="algolia-hits"></div>
  <div id="algolia-pagination" class="algolia-pagination"></div>
</div>

  
</div>
<div class="search-pop-overlay"></div>

  </div>
</div>
    </header>

    
  <div class="back-to-top">
    <i class="fa fa-arrow-up"></i>
    <span>0%</span>
  </div>
  <div class="reading-progress-bar"></div>


    <main id="main" class="main">
      <div class="main-inner">
        <div class="content-wrap">
            

          <div id="content" class="content">
            
  <div id="posts" class="posts-expand">
        <article itemscope itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block home">
    <link itemprop="mainEntityOfPage" href="http://anemone.top/pl-静态程序分析课程笔记（数据流分析-理论基础）/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="name" content="Anemone">
      <meta itemprop="description" content="关注Web安全、移动安全、Fuzz测试和机器学习">
      <meta itemprop="image" content="/images/avatar.jpg">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="Anemone's Blog">
    </span>
      <header class="post-header">
        <h2 class="post-title" itemprop="name headline">
            
            <a href="/pl-静态程序分析课程笔记（数据流分析-理论基础）/" class="post-title-link" itemprop="url">静态程序分析课程笔记（数据流分析-理论基础）</a>
          
        </h2>

        <div class="post-meta">
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              <span class="post-meta-item-text">发表于</span>

              
                
              

              <time title="创建时间：2020-08-02 17:34:13" itemprop="dateCreated datePublished" datetime="2020-08-02T17:34:13+08:00">2020-08-02</time>
            </span>
          
            

            
              <span class="post-meta-item">
                <span class="post-meta-item-icon">
                  <i class="fa fa-calendar-check-o"></i>
                </span>
                <span class="post-meta-item-text">更新于</span>
                <time title="修改时间：2020-10-18 12:04:24" itemprop="dateModified" datetime="2020-10-18T12:04:24+08:00">2020-10-18</time>
              </span>
            
          
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              <span class="post-meta-item-text">分类于</span>
              
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing"><a href="/categories/Program-Language/" itemprop="url" rel="index"><span itemprop="name">Program Language</span></a></span>

                
                
              
            </span>
          

          
            <span id="/pl-静态程序分析课程笔记（数据流分析-理论基础）/" class="post-meta-item leancloud_visitors" data-flag-title="静态程序分析课程笔记（数据流分析-理论基础）" title="阅读次数">
              <span class="post-meta-item-icon">
                <i class="fa fa-eye"></i>
              </span>
              <span class="post-meta-item-text">阅读次数：</span>
              <span class="leancloud-visitors-count"></span>
            </span>
          

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
          <h1 id="Iterative-Algorithm"><a href="#Iterative-Algorithm" class="headerlink" title="Iterative Algorithm"></a>Iterative Algorithm</h1><ul>
<li><p>对于一个含 $k$ 个节点的CFG，每个迭代算法对于每个node $n$ 更新$\mathrm{OUT}[n]$。</p>
</li>
<li><p>假设迭代算法的研究对象（domain）是$V$，定义一个k元组<br>  <script type="math/tex">V^k=\left(\mathrm{OUT}\left[\mathrm{n}_{1}\right], \mathrm{OUT}\left[\mathrm{n}_{2}\right], \ldots, \mathrm{OUT}\left[\mathrm{n}_{\mathrm{k}}\right]\right)$，$V^k\in(V_1 \times V_2 \times \dots \times V_k)</script>，<br>  $ V^k $ 即一次迭代产生的输出，每次迭代会更新$V^k$，可以将每次迭代经过transfer functions和control-flow handing的过程抽象为$F: V^k\rightarrow {V^{k}}’$</p>
</li>
<li><p>当$V^k\rightarrow {V^{k}}’$时，即$X=F(X)$ ，称$F(x)$在$X$处到达了<strong>不动点</strong>，$X$为$F(x)$的不动点，</p>
</li>
</ul>
          <!--noindex-->
          
            <div class="post-button">
              <a class="btn" href="/pl-静态程序分析课程笔记（数据流分析-理论基础）/#more" rel="contents">
                阅读全文 &raquo;
              </a>
            </div>
          
          <!--/noindex-->
        
      
    </div>

    
    
    
      <footer class="post-footer">
          <div class="post-eof"></div>
        
      </footer>
  </div>
  
  
  
  </article>

    
        <article itemscope itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block home">
    <link itemprop="mainEntityOfPage" href="http://anemone.top/pl-静态程序分析课程笔记（数据流分析-应用）/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="name" content="Anemone">
      <meta itemprop="description" content="关注Web安全、移动安全、Fuzz测试和机器学习">
      <meta itemprop="image" content="/images/avatar.jpg">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="Anemone's Blog">
    </span>
      <header class="post-header">
        <h2 class="post-title" itemprop="name headline">
            
            <a href="/pl-静态程序分析课程笔记（数据流分析-应用）/" class="post-title-link" itemprop="url">静态程序分析课程笔记（数据流分析-应用）</a>
          
        </h2>

        <div class="post-meta">
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              <span class="post-meta-item-text">发表于</span>

              
                
              

              <time title="创建时间：2020-08-02 17:34:13" itemprop="dateCreated datePublished" datetime="2020-08-02T17:34:13+08:00">2020-08-02</time>
            </span>
          
            

            
              <span class="post-meta-item">
                <span class="post-meta-item-icon">
                  <i class="fa fa-calendar-check-o"></i>
                </span>
                <span class="post-meta-item-text">更新于</span>
                <time title="修改时间：2020-10-04 11:34:30" itemprop="dateModified" datetime="2020-10-04T11:34:30+08:00">2020-10-04</time>
              </span>
            
          
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              <span class="post-meta-item-text">分类于</span>
              
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing"><a href="/categories/Program-Language/" itemprop="url" rel="index"><span itemprop="name">Program Language</span></a></span>

                
                
              
            </span>
          

          
            <span id="/pl-静态程序分析课程笔记（数据流分析-应用）/" class="post-meta-item leancloud_visitors" data-flag-title="静态程序分析课程笔记（数据流分析-应用）" title="阅读次数">
              <span class="post-meta-item-icon">
                <i class="fa fa-eye"></i>
              </span>
              <span class="post-meta-item-text">阅读次数：</span>
              <span class="leancloud-visitors-count"></span>
            </span>
          

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
          <h1 id="Overview-amp-Preliminaries"><a href="#Overview-amp-Preliminaries" class="headerlink" title="Overview &amp;  Preliminaries"></a>Overview &amp;  Preliminaries</h1><p>两类分析：</p><ul>
<li>may Analysis：over-approximation</li>
<li>must Analysis：under-approximation</li>
</ul><p>实际上都是为了safety of analysis。</p><h2 id="对数据流分析的几种解释"><a href="#对数据流分析的几种解释" class="headerlink" title="对数据流分析的几种解释"></a>对数据流分析的几种解释</h2>
          <!--noindex-->
          
            <div class="post-button">
              <a class="btn" href="/pl-静态程序分析课程笔记（数据流分析-应用）/#more" rel="contents">
                阅读全文 &raquo;
              </a>
            </div>
          
          <!--/noindex-->
        
      
    </div>

    
    
    
      <footer class="post-footer">
          <div class="post-eof"></div>
        
      </footer>
  </div>
  
  
  
  </article>

    
        <article itemscope itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block home">
    <link itemprop="mainEntityOfPage" href="http://anemone.top/pl-静态程序分析课程笔记（简介）/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="name" content="Anemone">
      <meta itemprop="description" content="关注Web安全、移动安全、Fuzz测试和机器学习">
      <meta itemprop="image" content="/images/avatar.jpg">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="Anemone's Blog">
    </span>
      <header class="post-header">
        <h2 class="post-title" itemprop="name headline">
            
            <a href="/pl-静态程序分析课程笔记（简介）/" class="post-title-link" itemprop="url">静态程序分析课程笔记（简介）</a>
          
        </h2>

        <div class="post-meta">
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              <span class="post-meta-item-text">发表于</span>

              
                
              

              <time title="创建时间：2020-08-02 16:34:13" itemprop="dateCreated datePublished" datetime="2020-08-02T16:34:13+08:00">2020-08-02</time>
            </span>
          
            

            
              <span class="post-meta-item">
                <span class="post-meta-item-icon">
                  <i class="fa fa-calendar-check-o"></i>
                </span>
                <span class="post-meta-item-text">更新于</span>
                <time title="修改时间：2020-10-03 12:03:43" itemprop="dateModified" datetime="2020-10-03T12:03:43+08:00">2020-10-03</time>
              </span>
            
          
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              <span class="post-meta-item-text">分类于</span>
              
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing"><a href="/categories/Program-Language/" itemprop="url" rel="index"><span itemprop="name">Program Language</span></a></span>

                
                
              
            </span>
          

          
            <span id="/pl-静态程序分析课程笔记（简介）/" class="post-meta-item leancloud_visitors" data-flag-title="静态程序分析课程笔记（简介）" title="阅读次数">
              <span class="post-meta-item-icon">
                <i class="fa fa-eye"></i>
              </span>
              <span class="post-meta-item-text">阅读次数：</span>
              <span class="leancloud-visitors-count"></span>
            </span>
          

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
          <p>母校计算机院的李樾、谭添老师讲的课，听了第一节课就哭了，决定做一下笔记，课程网站 <a href="https://pascal-group.bitbucket.io/teaching.html。" target="_blank" rel="noopener">https://pascal-group.bitbucket.io/teaching.html。</a></p><h1 id="PL知识体系"><a href="#PL知识体系" class="headerlink" title="PL知识体系"></a>PL知识体系</h1><p><img src="/pl-静态程序分析课程笔记（简介）/image-20200802113608162.png" alt="image-20200802113608162"></p><p>如上图所示，主要分三大块，理论部分包含语言设计、类型系统、语义和逻辑检查；环境部分包含编译器和运行时设计等；应用部分包含程序分析、程序验证和程序生成等，本课程主要关注于应用方面的程序分析。</p>
          <!--noindex-->
          
            <div class="post-button">
              <a class="btn" href="/pl-静态程序分析课程笔记（简介）/#more" rel="contents">
                阅读全文 &raquo;
              </a>
            </div>
          
          <!--/noindex-->
        
      
    </div>

    
    
    
      <footer class="post-footer">
          <div class="post-eof"></div>
        
      </footer>
  </div>
  
  
  
  </article>

    
        <article itemscope itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block home">
    <link itemprop="mainEntityOfPage" href="http://anemone.top/iast-悬镜技术分享笔记——灰盒测试/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="name" content="Anemone">
      <meta itemprop="description" content="关注Web安全、移动安全、Fuzz测试和机器学习">
      <meta itemprop="image" content="/images/avatar.jpg">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="Anemone's Blog">
    </span>
      <header class="post-header">
        <h2 class="post-title" itemprop="name headline">
            
            <a href="/iast-悬镜技术分享笔记——灰盒测试/" class="post-title-link" itemprop="url">悬镜技术分享笔记——灰盒测试</a>
          
        </h2>

        <div class="post-meta">
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              <span class="post-meta-item-text">发表于</span>

              
                
              

              <time title="创建时间：2020-06-14 16:21:52 / 修改时间：17:12:54" itemprop="dateCreated datePublished" datetime="2020-06-14T16:21:52+08:00">2020-06-14</time>
            </span>
          
            

            
          
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              <span class="post-meta-item-text">分类于</span>
              
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing"><a href="/categories/IAST/" itemprop="url" rel="index"><span itemprop="name">IAST</span></a></span>

                
                
              
            </span>
          

          
            <span id="/iast-悬镜技术分享笔记——灰盒测试/" class="post-meta-item leancloud_visitors" data-flag-title="悬镜技术分享笔记——灰盒测试" title="阅读次数">
              <span class="post-meta-item-icon">
                <i class="fa fa-eye"></i>
              </span>
              <span class="post-meta-item-text">阅读次数：</span>
              <span class="leancloud-visitors-count"></span>
            </span>
          

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
          <p>悬镜的一个技术分享会，大致讲了三种IAST的实现，这里做一个笔记总结。</p><h1 id="IAST简介"><a href="#IAST简介" class="headerlink" title="IAST简介"></a>IAST简介</h1><p>IAST (Interactive Application Security Testing) 也叫灰盒测试，即介于白盒和黑盒之间的一种测试，这一场景下的技术不但关注程序输入输出信息（像黑盒程序那样），还可以（注意只是可以，后面会细说）了解部分程序内部逻辑（像白盒测试那样）。因此具备黑白盒测试的优点，被认为是下一代安全扫描技术，被各个行业所关注。许多黑白盒测试技术稍加改造和结合，就可以变为灰盒测试技术。</p>
          <!--noindex-->
          
            <div class="post-button">
              <a class="btn" href="/iast-悬镜技术分享笔记——灰盒测试/#more" rel="contents">
                阅读全文 &raquo;
              </a>
            </div>
          
          <!--/noindex-->
        
      
    </div>

    
    
    
      <footer class="post-footer">
          <div class="post-eof"></div>
        
      </footer>
  </div>
  
  
  
  </article>

    
        <article itemscope itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block home">
    <link itemprop="mainEntityOfPage" href="http://anemone.top/iast-OpenRASP初探/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="name" content="Anemone">
      <meta itemprop="description" content="关注Web安全、移动安全、Fuzz测试和机器学习">
      <meta itemprop="image" content="/images/avatar.jpg">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="Anemone's Blog">
    </span>
      <header class="post-header">
        <h2 class="post-title" itemprop="name headline">
            
            <a href="/iast-OpenRASP初探/" class="post-title-link" itemprop="url">OpenRASP初探</a>
          
        </h2>

        <div class="post-meta">
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              <span class="post-meta-item-text">发表于</span>

              
                
              

              <time title="创建时间：2020-06-14 16:17:12" itemprop="dateCreated datePublished" datetime="2020-06-14T16:17:12+08:00">2020-06-14</time>
            </span>
          
            

            
              <span class="post-meta-item">
                <span class="post-meta-item-icon">
                  <i class="fa fa-calendar-check-o"></i>
                </span>
                <span class="post-meta-item-text">更新于</span>
                <time title="修改时间：2020-06-29 17:07:15" itemprop="dateModified" datetime="2020-06-29T17:07:15+08:00">2020-06-29</time>
              </span>
            
          
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              <span class="post-meta-item-text">分类于</span>
              
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing"><a href="/categories/IAST/" itemprop="url" rel="index"><span itemprop="name">IAST</span></a></span>

                
                
              
            </span>
          

          
            <span id="/iast-OpenRASP初探/" class="post-meta-item leancloud_visitors" data-flag-title="OpenRASP初探" title="阅读次数">
              <span class="post-meta-item-icon">
                <i class="fa fa-eye"></i>
              </span>
              <span class="post-meta-item-text">阅读次数：</span>
              <span class="leancloud-visitors-count"></span>
            </span>
          

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
          <p>OpenRASP是一种较为成熟的RASP技术开源实现，技术思路主要是上一篇文章中的主动型RASP原理，详细可以见<a href="https://rasp.baidu.com/doc/hacking/architect/hook.html?from=openrasp_internals" target="_blank" rel="noopener">hook函数列表</a>（商业版有动态污点追踪），本文为试用报告，之后有时间会深入看看代码。</p><h1 id="安装"><a href="#安装" class="headerlink" title="安装"></a>安装</h1><h2 id="安装后台"><a href="#安装后台" class="headerlink" title="安装后台"></a>安装后台</h2><ol>
<li><p>安装MongoDB和ElasticSearch（5.6~6）</p>
</li>
<li><p>在<a href="https://packages.baidu.com/app/openrasp/release/latest/" target="_blank" rel="noopener">https://packages.baidu.com/app/openrasp/release/latest/</a>下载<code>rasp-cloud.tar.gz</code></p>
</li>
<li><p>解压并配置<code>conf/app.conf</code>：</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">[prod]</span><br><span class="line">EsAddr = http://127.0.0.1:9200</span><br><span class="line">EsUser =</span><br><span class="line">EsPwd =</span><br><span class="line">MongoDBAddr = 127.0.0.1:27017</span><br><span class="line">MongoDBUser =</span><br><span class="line">MongoDBPwd =</span><br></pre></td></tr></table></figure>
</li>
<li><p>启动<code>./rasp-cloud -d</code>，用户名密码为<code>openrasp::admin@123</code>，后台如下图所示：</p>
<p><img src="/iast-OpenRASP初探/image-20200629161638149.png" alt="image-20200629161638149"></p>
</li>
</ol>
          <!--noindex-->
          
            <div class="post-button">
              <a class="btn" href="/iast-OpenRASP初探/#more" rel="contents">
                阅读全文 &raquo;
              </a>
            </div>
          
          <!--/noindex-->
        
      
    </div>

    
    
    
      <footer class="post-footer">
          <div class="post-eof"></div>
        
      </footer>
  </div>
  
  
  
  </article>

    
        <article itemscope itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block home">
    <link itemprop="mainEntityOfPage" href="http://anemone.top/iast-Sqreen初探/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="name" content="Anemone">
      <meta itemprop="description" content="关注Web安全、移动安全、Fuzz测试和机器学习">
      <meta itemprop="image" content="/images/avatar.jpg">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="Anemone's Blog">
    </span>
      <header class="post-header">
        <h2 class="post-title" itemprop="name headline">
            
            <a href="/iast-Sqreen初探/" class="post-title-link" itemprop="url">Sqreen初探</a>
          
        </h2>

        <div class="post-meta">
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              <span class="post-meta-item-text">发表于</span>

              
                
              

              <time title="创建时间：2020-06-04 16:37:37" itemprop="dateCreated datePublished" datetime="2020-06-04T16:37:37+08:00">2020-06-04</time>
            </span>
          
            

            
              <span class="post-meta-item">
                <span class="post-meta-item-icon">
                  <i class="fa fa-calendar-check-o"></i>
                </span>
                <span class="post-meta-item-text">更新于</span>
                <time title="修改时间：2020-06-05 11:06:12" itemprop="dateModified" datetime="2020-06-05T11:06:12+08:00">2020-06-05</time>
              </span>
            
          
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              <span class="post-meta-item-text">分类于</span>
              
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing"><a href="/categories/IAST/" itemprop="url" rel="index"><span itemprop="name">IAST</span></a></span>

                
                
              
            </span>
          

          
            <span id="/iast-Sqreen初探/" class="post-meta-item leancloud_visitors" data-flag-title="Sqreen初探" title="阅读次数">
              <span class="post-meta-item-icon">
                <i class="fa fa-eye"></i>
              </span>
              <span class="post-meta-item-text">阅读次数：</span>
              <span class="leancloud-visitors-count"></span>
            </span>
          

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
          <p><a href="https://www.sqreen.com/" target="_blank" rel="noopener">Sqreen</a> 作为一款IAST产品，用户在项目中导入他们的agent，之后可在控制台查看检测到的安全风险，并进行防御（RASP）。</p><h1 id="技术介绍"><a href="#技术介绍" class="headerlink" title="技术介绍"></a>技术介绍</h1><p>如下图所示，Sqreen主要由三个组件组成，MicroAgent、Security Engine和Sqreen Platform，Security Engine部署于MicroAgent内部，开发者只要在启动应用时倒入MicroAgent即可，Platform主要用于接收Agent信息并且可视化给用户。</p>
          <!--noindex-->
          
            <div class="post-button">
              <a class="btn" href="/iast-Sqreen初探/#more" rel="contents">
                阅读全文 &raquo;
              </a>
            </div>
          
          <!--/noindex-->
        
      
    </div>

    
    
    
      <footer class="post-footer">
          <div class="post-eof"></div>
        
      </footer>
  </div>
  
  
  
  </article>

    
        <article itemscope itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block home">
    <link itemprop="mainEntityOfPage" href="http://anemone.top/whitebox-毕设基于机器学习的Java漏洞扫描系统/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="name" content="Anemone">
      <meta itemprop="description" content="关注Web安全、移动安全、Fuzz测试和机器学习">
      <meta itemprop="image" content="/images/avatar.jpg">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="Anemone's Blog">
    </span>
      <header class="post-header">
        <h2 class="post-title" itemprop="name headline">
            
            <a href="/whitebox-毕设基于机器学习的Java漏洞扫描系统/" class="post-title-link" itemprop="url">毕设：基于机器学习的Java漏洞扫描系统</a>
          
        </h2>

        <div class="post-meta">
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              <span class="post-meta-item-text">发表于</span>

              
                
              

              <time title="创建时间：2020-05-28 20:30:49 / 修改时间：19:45:51" itemprop="dateCreated datePublished" datetime="2020-05-28T20:30:49+08:00">2020-05-28</time>
            </span>
          
            

            
          
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              <span class="post-meta-item-text">分类于</span>
              
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing"><a href="/categories/源码安全/" itemprop="url" rel="index"><span itemprop="name">源码安全</span></a></span>

                
                
              
            </span>
          

          
            <span id="/whitebox-毕设基于机器学习的Java漏洞扫描系统/" class="post-meta-item leancloud_visitors" data-flag-title="毕设：基于机器学习的Java漏洞扫描系统" title="阅读次数">
              <span class="post-meta-item-icon">
                <i class="fa fa-eye"></i>
              </span>
              <span class="post-meta-item-text">阅读次数：</span>
              <span class="leancloud-visitors-count"></span>
            </span>
          

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
          <p><strong>本文首次发表在<a href="https://www.toutiao.com/i6826913540683596300/" target="_blank" rel="noopener">慕测头条公众号</a>，这里只作归档用</strong></p><h1 id="背景意义"><a href="#背景意义" class="headerlink" title="背景意义"></a>背景意义</h1><p>随着人们对软件安全的不断重视，静态安全扫描系统被部署于开发流程。相对于其他传统分析方法，污点分析技术由于具有较高的可解释性和准确性，目前作为挖掘 Web 漏洞的常用技术，广泛应用于开源和商用扫描器中。</p><p>然而，污点分析方法存在种种不足。首先，污点分析无法处理容器类型，静态污点分析只能将容器变量（如Map、List变量）的传播规则设为传播/不传播污点，造成过污染/欠污染；其次，污点分析无法处理控制流，污点分析并不能识别用于检查数据是否合法的分支语句，导致误报；最后，污点分析无法处理特殊的传播条件，如SSRF漏洞要求攻击者能操纵域名，若污点拼接在URL参数部分，则代码不存在漏洞，而污点分析仍会报告漏洞。为解决这些问题，目前安全工程师只有手动设计精巧的规则，可即使这样仍会产生大量误报甚至漏报。</p>
          <!--noindex-->
          
            <div class="post-button">
              <a class="btn" href="/whitebox-毕设基于机器学习的Java漏洞扫描系统/#more" rel="contents">
                阅读全文 &raquo;
              </a>
            </div>
          
          <!--/noindex-->
        
      
    </div>

    
    
    
      <footer class="post-footer">
          <div class="post-eof"></div>
        
      </footer>
  </div>
  
  
  
  </article>

    
        <article itemscope itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block home">
    <link itemprop="mainEntityOfPage" href="http://anemone.top/whitebox-白盒扫描技术综述/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="name" content="Anemone">
      <meta itemprop="description" content="关注Web安全、移动安全、Fuzz测试和机器学习">
      <meta itemprop="image" content="/images/avatar.jpg">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="Anemone's Blog">
    </span>
      <header class="post-header">
        <h2 class="post-title" itemprop="name headline">
            
            <a href="/whitebox-白盒扫描技术综述/" class="post-title-link" itemprop="url">白盒扫描技术综述</a>
          
        </h2>

        <div class="post-meta">
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              <span class="post-meta-item-text">发表于</span>

              
                
              

              <time title="创建时间：2020-05-28 19:27:37" itemprop="dateCreated datePublished" datetime="2020-05-28T19:27:37+08:00">2020-05-28</time>
            </span>
          
            

            
              <span class="post-meta-item">
                <span class="post-meta-item-icon">
                  <i class="fa fa-calendar-check-o"></i>
                </span>
                <span class="post-meta-item-text">更新于</span>
                <time title="修改时间：2020-05-31 18:02:42" itemprop="dateModified" datetime="2020-05-31T18:02:42+08:00">2020-05-31</time>
              </span>
            
          
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              <span class="post-meta-item-text">分类于</span>
              
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing"><a href="/categories/源码安全/" itemprop="url" rel="index"><span itemprop="name">源码安全</span></a></span>

                
                
              
            </span>
          

          
            <span id="/whitebox-白盒扫描技术综述/" class="post-meta-item leancloud_visitors" data-flag-title="白盒扫描技术综述" title="阅读次数">
              <span class="post-meta-item-icon">
                <i class="fa fa-eye"></i>
              </span>
              <span class="post-meta-item-text">阅读次数：</span>
              <span class="leancloud-visitors-count"></span>
            </span>
          

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
          <p>写毕设调查背景知识时做的，在<a href="https://www.t00ls.net/thread-56572-1-1.html" target="_blank" rel="noopener">t00ls</a>和<a href="https://forum.90sec.com/t/topic/1087" target="_blank" rel="noopener">90sec</a>发过帖子，这里做归档用。</p><h1 id="词法分析技术"><a href="#词法分析技术" class="headerlink" title="词法分析技术"></a>词法分析技术</h1><p>词法分析技术是最简单的一类漏洞挖掘技术，其主要思想是将代码文本与归纳好的缺陷模式进行匹配，以此发现漏洞。由于其不深入分析程序结构和语义，往往只能挖掘较为简单的一类漏洞，并且存在相当高的误报率，在实际场景下应用较少，但由于其思想简单，适用性很广，目前也还存在类似工具，如：<a href="https://github.com/MobSF/Mobile-Security-Framework-MobSF" target="_blank" rel="noopener">MobSF</a>，<a href="https://github.com/WhaleShark-Team/cobra" target="_blank" rel="noopener">Cobra</a>。</p>
          <!--noindex-->
          
            <div class="post-button">
              <a class="btn" href="/whitebox-白盒扫描技术综述/#more" rel="contents">
                阅读全文 &raquo;
              </a>
            </div>
          
          <!--/noindex-->
        
      
    </div>

    
    
    
      <footer class="post-footer">
          <div class="post-eof"></div>
        
      </footer>
  </div>
  
  
  
  </article>

    
        <article itemscope itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block home">
    <link itemprop="mainEntityOfPage" href="http://anemone.top/dev-使用Python优雅调用其他工具或命令/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="name" content="Anemone">
      <meta itemprop="description" content="关注Web安全、移动安全、Fuzz测试和机器学习">
      <meta itemprop="image" content="/images/avatar.jpg">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="Anemone's Blog">
    </span>
      <header class="post-header">
        <h2 class="post-title" itemprop="name headline">
            
            <a href="/dev-使用Python优雅调用其他工具或命令/" class="post-title-link" itemprop="url">使用Python优雅调用其他工具或命令</a>
          
        </h2>

        <div class="post-meta">
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              <span class="post-meta-item-text">发表于</span>

              
                
              

              <time title="创建时间：2020-03-02 15:32:03" itemprop="dateCreated datePublished" datetime="2020-03-02T15:32:03+08:00">2020-03-02</time>
            </span>
          
            

            
              <span class="post-meta-item">
                <span class="post-meta-item-icon">
                  <i class="fa fa-calendar-check-o"></i>
                </span>
                <span class="post-meta-item-text">更新于</span>
                <time title="修改时间：2020-03-21 15:51:07" itemprop="dateModified" datetime="2020-03-21T15:51:07+08:00">2020-03-21</time>
              </span>
            
          
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              <span class="post-meta-item-text">分类于</span>
              
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing"><a href="/categories/安全开发/" itemprop="url" rel="index"><span itemprop="name">安全开发</span></a></span>

                
                
              
            </span>
          

          
            <span id="/dev-使用Python优雅调用其他工具或命令/" class="post-meta-item leancloud_visitors" data-flag-title="使用Python优雅调用其他工具或命令" title="阅读次数">
              <span class="post-meta-item-icon">
                <i class="fa fa-eye"></i>
              </span>
              <span class="post-meta-item-text">阅读次数：</span>
              <span class="leancloud-visitors-count"></span>
            </span>
          

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
          <p>Python 开发扫描器时往往会调用其他第三方工具，但是通过 <code>os.system()</code>或者其他命令中是会有这样或那样的坑或不足，本文对这些问题进行总结并提出解决方案，并在结尾给出了一个封装好的类，能较为完美的解决Python调用第三方命令的问题。</p><h1 id="需求"><a href="#需求" class="headerlink" title="需求"></a>需求</h1><ol>
<li>首先，我可以调用任意命令，并且可以在命令执行时向输入通道（stdin）传更多输入，同时Python能实时获取输出通道（stdout）和错误通道（stderr）获程序输出，注意是获取输出，而不是单纯的将输出重定向到屏幕或文件中；</li>
<li>我可以通过返回值，或者程序输出判断第三方程序执行是否出错，如果出错抛出异常或者进行异常处理；</li>
<li>执行命令是最好可以设置超时时间，防止子命令假死而影响主程序；</li>
<li>这段调用程序应该是跨平台的，毕竟Python本身就是跨平台语言。</li>
</ol>
          <!--noindex-->
          
            <div class="post-button">
              <a class="btn" href="/dev-使用Python优雅调用其他工具或命令/#more" rel="contents">
                阅读全文 &raquo;
              </a>
            </div>
          
          <!--/noindex-->
        
      
    </div>

    
    
    
      <footer class="post-footer">
          <div class="post-eof"></div>
        
      </footer>
  </div>
  
  
  
  </article>

    
        <article itemscope itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block home">
    <link itemprop="mainEntityOfPage" href="http://anemone.top/vulnresearch-Shiro1.2.4反序列化/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="name" content="Anemone">
      <meta itemprop="description" content="关注Web安全、移动安全、Fuzz测试和机器学习">
      <meta itemprop="image" content="/images/avatar.jpg">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="Anemone's Blog">
    </span>
      <header class="post-header">
        <h2 class="post-title" itemprop="name headline">
            
            <a href="/vulnresearch-Shiro1.2.4反序列化/" class="post-title-link" itemprop="url">Shiro v1.2.4反序列化</a>
          
        </h2>

        <div class="post-meta">
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              <span class="post-meta-item-text">发表于</span>

              
                
              

              <time title="创建时间：2019-11-25 15:16:43" itemprop="dateCreated datePublished" datetime="2019-11-25T15:16:43+08:00">2019-11-25</time>
            </span>
          
            

            
              <span class="post-meta-item">
                <span class="post-meta-item-icon">
                  <i class="fa fa-calendar-check-o"></i>
                </span>
                <span class="post-meta-item-text">更新于</span>
                <time title="修改时间：2020-03-21 16:21:20" itemprop="dateModified" datetime="2020-03-21T16:21:20+08:00">2020-03-21</time>
              </span>
            
          
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              <span class="post-meta-item-text">分类于</span>
              
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing"><a href="/categories/漏洞分析/" itemprop="url" rel="index"><span itemprop="name">漏洞分析</span></a></span>

                
                
              
            </span>
          

          
            <span id="/vulnresearch-Shiro1.2.4反序列化/" class="post-meta-item leancloud_visitors" data-flag-title="Shiro v1.2.4反序列化" title="阅读次数">
              <span class="post-meta-item-icon">
                <i class="fa fa-eye"></i>
              </span>
              <span class="post-meta-item-text">阅读次数：</span>
              <span class="leancloud-visitors-count"></span>
            </span>
          

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
          <h1 id="原理"><a href="#原理" class="headerlink" title="原理"></a>原理</h1><h2 id="触发入口"><a href="#触发入口" class="headerlink" title="触发入口"></a>触发入口</h2><p>登录点击记住密码时，有rememberMe，下次登陆时会带rememberMe的cookie，rememberMe存在反序列化问题</p><p><img src="/vulnresearch-Shiro1.2.4反序列化/1563415886850.png" alt="1563415886850"></p><h2 id="序列化入口"><a href="#序列化入口" class="headerlink" title="序列化入口"></a>序列化入口</h2><p>调试得到序列化入口和解密方法：</p><figure class="highlight"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">org.apache.shiro.mgt.AbstractRememberMeManager#rememberIdentity(AuthenticationToken, AuthenticationInfo):321</span><br><span class="line">	org.apache.shiro.mgt.AbstractRememberMeManager#rememberIdentity(Subject, PrincipalCollection)</span><br><span class="line">		org.apache.shiro.mgt.AbstractRememberMeManager#convertPrincipalsToBytes(L360:序列化)			</span><br><span class="line">    		org.apache.shiro.mgt.AbstractRememberMeManager#encrypt(加密方法)</span><br></pre></td></tr></table></figure>
          <!--noindex-->
          
            <div class="post-button">
              <a class="btn" href="/vulnresearch-Shiro1.2.4反序列化/#more" rel="contents">
                阅读全文 &raquo;
              </a>
            </div>
          
          <!--/noindex-->
        
      
    </div>

    
    
    
      <footer class="post-footer">
          <div class="post-eof"></div>
        
      </footer>
  </div>
  
  
  
  </article>

    
  </div>

  
  <nav class="pagination">
    <a class="extend prev" rel="prev" href="/"><i class="fa fa-angle-left" aria-label="上一页"></i></a><a class="page-number" href="/">1</a><span class="page-number current">2</span><a class="page-number" href="/page/3/">3</a><span class="space">&hellip;</span><a class="page-number" href="/page/7/">7</a><a class="extend next" rel="next" href="/page/3/"><i class="fa fa-angle-right" aria-label="下一页"></i></a>
  </nav>


          </div>
          

        </div>
          
  
  <div class="sidebar-toggle">
    <div class="sidebar-toggle-line-wrap">
      <span class="sidebar-toggle-line sidebar-toggle-line-first"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-middle"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-last"></span>
    </div>
  </div>

  <aside class="sidebar">
    <div class="sidebar-inner">

      <ul class="sidebar-nav motion-element">
        <li class="sidebar-nav-toc">
          文章目录
        </li>
        <li class="sidebar-nav-overview">
          站点概览
        </li>
      </ul>

      <!--noindex-->
      <div class="post-toc-wrap sidebar-panel">
      </div>
      <!--/noindex-->

      <div class="site-overview-wrap sidebar-panel">
        <div class="site-author motion-element" itemprop="author" itemscope itemtype="http://schema.org/Person">
    <img class="site-author-image" itemprop="image"
      src="/images/avatar.jpg"
      alt="Anemone">
  <p class="site-author-name" itemprop="name">Anemone</p>
  <div class="site-description" itemprop="description">关注Web安全、移动安全、Fuzz测试和机器学习</div>
</div>
<div class="site-state-wrap motion-element">
  <nav class="site-state">
      <div class="site-state-item site-state-posts">
        
          <a href="/archives/">
        
          <span class="site-state-item-count">70</span>
          <span class="site-state-item-name">日志</span>
        </a>
      </div>
    
      
      
      <div class="site-state-item site-state-categories">
        
          
            <a href="/categories/">
          
        
        <span class="site-state-item-count">31</span>
        <span class="site-state-item-name">分类</span>
        </a>
      </div>
    
      
      
      <div class="site-state-item site-state-tags">
        
          
            <a href="/tags/">
          
        
        <span class="site-state-item-count">86</span>
        <span class="site-state-item-name">标签</span>
        </a>
      </div>
    
  </nav>
</div>
  <div class="feed-link motion-element">
    <a href="/atom.xml" rel="alternate">
      <i class="fa fa-rss"></i>RSS
    </a>
  </div>
  <div class="links-of-author motion-element">
      <span class="links-of-author-item">
      
      
        
      
      
        
      
        <a href="https://github.com/anemone95" title="GitHub &rarr; https://github.com/anemone95" rel="noopener" target="_blank"><i class="fa fa-fw fa-github"></i>GitHub</a>
      </span>
    
      <span class="links-of-author-item">
      
      
        
      
      
        
      
        <a href="mailto:anemone95@qq.com" title="E-Mail &rarr; mailto:anemone95@qq.com" rel="noopener" target="_blank"><i class="fa fa-fw fa-envelope"></i>E-Mail</a>
      </span>
    
  </div>
  <div class="cc-license motion-element" itemprop="license">
    
  
    <a href="https://creativecommons.org/licenses/by-nc-sa/4.0/deed.zh" class="cc-opacity" rel="noopener" target="_blank"><img src="/images/cc-by-nc-sa.svg" alt="Creative Commons"></a>
  </div>



      </div>

    </div>
  </aside>
  <div id="sidebar-dimmer"></div>


      </div>
    </main>

    <footer id="footer" class="footer">
      <div class="footer-inner">
        <div class="copyright">&copy; 2018 – <span itemprop="copyrightYear">2020</span>
  <span class="with-love" id="animate">
    <i class="fa fa-user"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">anemone</span>
</div>
  <div class="powered-by">由 <a href="https://hexo.io" class="theme-link" rel="noopener" target="_blank">Hexo</a> 强力驱动 v3.9.0</div>
  <span class="post-meta-divider">|</span>
  <div class="theme-info">主题 – <a href="https://theme-next.org" class="theme-link" rel="noopener" target="_blank">NexT.Pisces</a> v7.4.0</div>

        






  
  <script>
  function leancloudSelector(url) {
    return document.getElementById(url).querySelector('.leancloud-visitors-count');
  }
  if (CONFIG.page.isPost) {
    function addCount(Counter) {
      var visitors = document.querySelector('.leancloud_visitors');
      var url = visitors.getAttribute('id').trim();
      var title = visitors.getAttribute('data-flag-title').trim();

      Counter('get', `/classes/Counter?where=${JSON.stringify({ url })}`)
        .then(response => response.json())
        .then(({ results }) => {
          if (results.length > 0) {
            var counter = results[0];
            Counter('put', '/classes/Counter/' + counter.objectId, { time: { '__op': 'Increment', 'amount': 1 } })
              .then(response => response.json())
              .then(() => {
                leancloudSelector(url).innerText = counter.time + 1;
              })
            
              .catch(error => {
                console.log('Failed to save visitor count', error);
              })
          } else {
              Counter('post', '/classes/Counter', { title: title, url: url, time: 1 })
                .then(response => response.json())
                .then(() => {
                  leancloudSelector(url).innerText = 1;
                })
                .catch(error => {
                  console.log('Failed to create', error);
                });
            
          }
        })
        .catch(error => {
          console.log('LeanCloud Counter Error', error);
        });
    }
  } else {
    function showTime(Counter) {
      var visitors = document.querySelectorAll('.leancloud_visitors');
      var entries = [...visitors].map(element => {
        return element.getAttribute('id').trim();
      });

      Counter('get', `/classes/Counter?where=${JSON.stringify({ url: { '$in': entries } })}`)
        .then(response => response.json())
        .then(({ results }) => {
          if (results.length === 0) {
            document.querySelectorAll('.leancloud_visitors .leancloud-visitors-count').forEach(element => {
              element.innerText = 0;
            });
            return;
          }
          for (var i = 0; i < results.length; i++) {
            var item = results[i];
            var url = item.url;
            var time = item.time;
            leancloudSelector(url).innerText = time;
          }
          for (var i = 0; i < entries.length; i++) {
            var url = entries[i];
            var element = leancloudSelector(url);
            if (element.innerText == '') {
              element.innerText = 0;
            }
          }
        })
        .catch(error => {
          console.log('LeanCloud Counter Error', error);
        });
    }
  }

  fetch('https://app-router.leancloud.cn/2/route?appId=o5UaCJdPfEG0g7MVxXSMagpT-gzGzoHsz')
    .then(response => response.json())
    .then(({ api_server }) => {
      var Counter = (method, url, data) => {
        return fetch(`https://${api_server}/1.1${url}`, {
          method: method,
          headers: {
            'X-LC-Id': 'o5UaCJdPfEG0g7MVxXSMagpT-gzGzoHsz',
            'X-LC-Key': 'c6IN1PuMV3QPltJcrHfn74Gt',
            'Content-Type': 'application/json',
          },
          body: JSON.stringify(data)
        });
      };
      if (CONFIG.page.isPost) {
        const localhost = /http:\/\/(localhost|127.0.0.1|0.0.0.0)/;
        if (localhost.test(document.URL)) return;
        addCount(Counter);
      } else if (document.querySelectorAll('.post-title-link').length >= 1) {
        showTime(Counter);
      }
    });
  </script>






        
      </div>
    </footer>
  </div>

  
  <script src="//cdn.jsdelivr.net/npm/animejs@3.1.0/lib/anime.min.js"></script>
  <script src="https://cdn.bootcss.com/velocity/1.2.1/velocity.min.js"></script>
  <script src="https://cdn.bootcss.com/velocity/1.2.1/velocity.ui.js"></script>
<script src="/js/utils.js?v=7.4.0"></script><script src="/js/motion.js?v=7.4.0"></script>
<script src="/js/schemes/pisces.js?v=7.4.0"></script>
<script src="/js/next-boot.js?v=7.4.0"></script>



  
  <script>
    (function(){
      var bp = document.createElement('script');
      var curProtocol = window.location.protocol.split(':')[0];
      bp.src = (curProtocol === 'https') ? 'https://zz.bdstatic.com/linksubmit/push.js' : 'http://push.zhanzhang.baidu.com/push.js';
      var s = document.getElementsByTagName("script")[0];
      s.parentNode.insertBefore(bp, s);
    })();
  </script>








  
<link rel="stylesheet" href="//cdn.jsdelivr.net/npm/instantsearch.js@2.10.4/dist/instantsearch.min.css">
<script src="//cdn.jsdelivr.net/npm/instantsearch.js@2.10.4/dist/instantsearch.min.js"></script><script src="/js/algolia-search.js?v=7.4.0"></script>











<script>
if (document.querySelectorAll('pre.mermaid').length) {
  NexT.utils.getScript('//cdn.bootcss.com/mermaid/8.2.6/mermaid.min.js', () => {
    mermaid.initialize({
      theme: 'forest',
      logLevel: 3,
      flowchart: { curve: 'linear' },
      gantt: { axisFormat: '%m/%d/%Y' },
      sequence: { actorMargin: 50 }
    });
  }, window.mermaid);
}
</script>




  

  
    
      
        
      
    
      
    
      
    
      
    
      
    
      
    
      
    
      
    
      
    
      
    
  
    
      
<script type="text/x-mathjax-config">

  MathJax.Hub.Config({
    tex2jax: {
      inlineMath: [ ['$', '$'], ['\\(', '\\)'] ],
      processEscapes: true,
      skipTags: ['script', 'noscript', 'style', 'textarea', 'pre', 'code']
    },
    TeX: {
      equationNumbers: {
        autoNumber: 'AMS'
      }
    }
  });

  MathJax.Hub.Register.StartupHook('TeX Jax Ready', function() {
    MathJax.InputJax.TeX.prefilterHooks.Add(function(data) {
      if (data.display) {
        var next = data.script.nextSibling;
        while (next && next.nodeName.toLowerCase() === '#text') {
          next = next.nextSibling;
        }
        if (next && next.nodeName.toLowerCase() === 'br') {
          next.parentNode.removeChild(next);
        }
      }
    });
  });

  MathJax.Hub.Queue(function() {
    var all = MathJax.Hub.getAllJax(), i;
    for (i = 0; i < all.length; i += 1) {
      element = document.getElementById(all[i].inputID + '-Frame').parentNode;
      if (element.nodeName.toLowerCase() == 'li') {
        element = element.parentNode;
      }
      element.classList.add('has-jax');
    }
  });
</script>
<script>
  NexT.utils.getScript('//cdn.bootcss.com/mathjax/2.7.1/latest.js?config=TeX-AMS-MML_HTMLorMML', () => {
    MathJax.Hub.Typeset();
  }, window.MathJax);
</script>

    
  

  

  


</body>
</html>
